CISO Handbook

Guidance for Chief Information Security Officers (CISOs)

Introduction

The CISO Handbook was created to educate and inform new and existing CISOs about their role in Federal cybersecurity. It provides resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.

The Handbook is a key document, coordinated through the CIO and CISO Councils, to improve the vital federal cybersecurity reskilling and workforce development efforts outlined in the President’s Management Agenda.

Key Elements of the Handbook

  • Overview of the CISO role (page 7) and key government-wide organizations (page 11).
  • CISO Reference Sections with high-level information about important cybersecurity documents:
    • Federal risk management publications (page 31)
    • Government-wide policy documents (page 50)
  • Information on the Framework for Improving Critical Infrastructure Cybersecurity (also known as the NIST Cybersecurity Framework or the CSF) and how it can be leveraged in conjunction with other NIST risk management publications.
  • Resources and links for workforce, contracting, and other government-wide services with which CISOs should be familiar.
  • Extensive, searchable appendices that consolidate key statutory language, policy templates, government-wide services, and other previously disparate resources.

Annual Reporting Schedule

FYQ1

  • Estimated Deadline: January
  • Reporting: Q1 CIO FISMA Reporting, Annual HVA Reporting
  • Responsible Parties: CFO Act Agencies (Required), Small Agencies (Optional)

FYQ2

  • Estimated Deadline: April
  • Reporting: Q2 CIO FISMA Reporting
  • Responsible Parties: All Civilian Agencies

FYQ3

  • Estimated Deadline: July
  • Reporting: Q3 CIO FISMA Reporting
  • Responsible Parties: CFO Act Agencies (Required), Small Agencies (Optional)

FYQ4

  • Estimated Deadline: October
  • Reporting: Annual CIO FISMA Reporting, Annual IG FISMA Reporting, Annual SAOP FISMA Reporting
  • Responsible Parties: All Civilian Agencies
